Vulnerability in Oracle Retail Xstore Office by Oracle
CVE-2018-3300

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Retail Xstore Office
Vendor: CVE Published:; 16 October 2019

What is CVE-2018-3300?

An improper access control vulnerability exists in Oracle Retail Xstore Office, allowing low privileged attackers with network access to exploit this flaw via HTTP. Successful attacks can lead to unauthorized access to sensitive data, enabling attackers to update, insert, or delete critical information within the system, as well as read access to certain available data. This poses significant risks to the confidentiality and integrity of data managed by Oracle Retail Xstore Office.

Affected Version(s)

Retail Xstore Office 7.1

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 15, 2017